mirror of
https://github.com/matrix-org/dendrite
synced 2024-12-24 18:53:46 +01:00
9c826d064d
Bumps [activesupport](https://github.com/rails/rails) from 6.0.5 to 6.0.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/releases">activesupport's releases</a>.</em></p> <blockquote> <h2>v6.0.6.1</h2> <h2>Active Support</h2> <ul> <li>No changes.</li> </ul> <h2>Active Model</h2> <ul> <li>No changes.</li> </ul> <h2>Active Record</h2> <ul> <li> <p>Make <code>sanitize_as_sql_comment</code> more strict</p> <p>Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.</p> <p>This commit makes the sanitization more robust by replacing any occurrances of "/<em>" or "</em>/" with "/ <em>" or "</em> /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.</p> <p>This also clarifies in the documentation of annotate that it should not be provided user input.</p> <p>[CVE-2023-22794]</p> </li> </ul> <h2>Action View</h2> <ul> <li>No changes.</li> </ul> <h2>Action Pack</h2> <ul> <li>No changes.</li> </ul> <h2>Active Job</h2> <ul> <li>No changes.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
---|---|---|
.. | ||
_sass/custom | ||
administration | ||
caddy | ||
development | ||
hiawatha | ||
images | ||
installation | ||
nginx | ||
other | ||
systemd | ||
_config.yml | ||
administration.md | ||
development.md | ||
FAQ.md | ||
Gemfile | ||
Gemfile.lock | ||
index.md | ||
INSTALL.md | ||
installation.md |